Audit_Chapter 2.docx

8/10/2019 Audit_Chapter 2.docx

1/9

1

Introduction

Until 2002, the accounting profession was self-regulated; the standards governing audits were

established by members of the profession themselves (through theAmerican Institute of

Certified Public Accountants, or AICPA)

As a result of audit failures to Enron and WorldCom, Congress passed the Sarbanes-Oxley Act of

2002

o Among other reforms, this act created the Public Company Accounting Oversight Board

(PCAOB) to provide external and independent oversight over the audits of public entities

o A public entityis one who offers registered securities, such as stocks and bonds, for sale to

the general public

o The PCAOB is mainly responsible for registering public accounting firms, establishing

standards for audit engagements, and inspecting the quality of audits conducted by

registered public accounting firms

PCAOB has met a lot of controversy, including criticisms of the increased costs for

public companies of complying with the PCAOBs standards related to internal

control, as well as their inspection process

Firms have filed a lawsuit challenging the constitutionality of the PCAOB based onboth the process through which members of the PCAOB are appointed as well as the

powers held by those members

Generally Accepted Auditing Standards (GAAS)

The AICPA first developed standards that served as the basis for audits of both public and

nonpublic entities

o 1972-present, AICPAsAuditing Standards Boardissues the Statements on Auditing

Standards(SASs) to provide guidance for the conduct of audits

o The PCAOB issuesAuditing Standards, which are subject to the formal approval of the SEC

The authorization for developing standards for the audit of public entities belongs

to the PCAOB, while the authorization for developing standards to nonpublic

continues to remain with the Auditing Standards Board of the AICPA

Together, the pronouncements of the AICPA and PCOAB are collectively referred to as generally

accepted auditing standards (GAAS)

o GAAS are auditing standards that identify the necessary qualifications and characteristics

of auditors and guide the conduct of the audit examination

o The purpose of GAAS is to meet the objectives of an audit examination, which are:

To obtain reasonable assurance about whether the financial statements as a whole

are free of material misstatement, whether due to fraud or error, thereby enabling

auditors to express an opinion on whether the statements are presented fairly in allmaterial respects in accordance to applicable financial framework

And, to report on the financial statements, and communicate as required by GAAS, in

accordance with the auditors findings

Generally, auditors that dont follow guidance provided by GAAS are presumed to have performed

deficient audits


2/9

2

o Auditing standards can be unconditionally required(auditors must fully comply with the

provisions or standards), orpresumptively mandatory required (auditors can depart from

standards under certain circumstance and with appropriate documentation)

More auditing literature: Interpretive publications

o This includesAICPA Audit and Accounting Guides, andAICA Auditing Statements and

Positionsprovide application of GAAS in specific circumstances and for certain

industries

o

These are less authoritative than SASs and Auditing Standards but auditors must still

justify any departure from these publications

In sum, GAAS:

o (1) Fundamental Principles (guide general conduct of audit engagements)(2) PCAOB

Auditing StandardsandASB Statements on Auditing Standards(both provide support to

fundamental principles);can also include (3) the Interpretive publications(provide

further guidance on application of GAS)

Auditing Standards vs. Auditing procedurestwo different things

o Audit proceduresare the specialized actions auditors take to obtain evidence in a specific

audit engagementthey are usually situation-specific: depend on the industry, the type ofentity, the complexity of the accounting system, etc.

o Auditing Standards are quality guides to the audit that apply to all audits

Hence, auditors reports refer to an audit conducted in accordance with standards

of PCAOB

We have special auditing standards for governmental and foreign entities

o A firm that audits public and private entities throughout the world may be subject to

multiple and sometimes conflicting standards issued by the ASB, PCAOB, and IAASB

Having multiple sets of standards for the audits of different entities is a current

challenge

Auditors and regulators have a great interest in convergence making the

standards coordinated throughout the world

International Standards on Auditing (ISAs)are the first step in the development of

one consistent set of guidelines that auditors worldwide can follow

Public entities Nonpublic Governmental Foreign

Rule-making body PCAOB AICPA- Auditing

Standards Board

(ASB)

U.S. Government

Accountability

Office (GAO)

IFAC -

International

Auditing and

Assurance

Standards Board(IAASB)

Standards Auditing

Standards (ASs)

Statements on

Auditing

Standards (SASs)

Government

Auditing

Standards (The

Yellow Book)

International

Standards on

Auditing (ISAs)

Website www.pcaobus.corg www.aicpa.org www.goa.gov www.ifac.org
http://www.pcaobus.corg/http://www.pcaobus.corg/http://www.aicpa.org/http://www.aicpa.org/http://www.goa.gov/http://www.goa.gov/http://www.ifac.org/http://www.ifac.org/http://www.ifac.org/http://www.goa.gov/http://www.aicpa.org/http://www.pcaobus.corg/


3/9

3

Organization of GAAS

Body of GAAS emerged from 10 basic standards that were classified into three major categories:

o General standards

o Standards of field work

o Standards of reporting

ASB made an Exposure Draft and identified three fundamental principles very similar to the 10

basic standards underlying an audit

o

These are related to the: responsibilities of the audit team,performance of the audit, and

reporting the results of the engagement

o Exhibit 2.1 (pg. 41) compares the 10 basic standards to the 3 fundamental principles of ASB

Comparison of AICPA GAAS with ASB Fundamental Principles

10 Basic Standards Responsibilities Principles

General Standards Auditors responsible for:

1. Competence and capabilities; 2. Complying with eth

requirements (independence and due care); 3. Profes

skepticism and professional judgment

1. Training and proficiency

2. Independence in mental attitude

3. Due professional care in audit and report

Standards of Field Work Performance Principle1. Planning and supervision To obtain reasonable assurance:

1.Plan work and supervise assistants; 2. Determine an

apply appropriate materiality levels; 3. Identify and as

risk of material misstatements; 4.Obtain sufficient evi

2. Understand entity and its environment to asses

risk of material misstatement

3. Obtain sufficient evidence

Standards of Reporting Reporting Principle

1. F/S in accordance with GAAP Based on evidence obtained, auditor:

1. Expresses an opinion or states that an opinion can't

expressed; 2. Opinion is based on conformity of financ

statements with applicable financial reporting framew

1. GAAP is applied consistently (only report if it was

not applied consistently)

3.Adequacy of disclosures (only report if inadequate)

4. Express of disclaim an opinion

The fundamental principles closely parallel the definition of auditing

o Responsibilities principledefines objectivity and identifies auditors role

o Performance principlerequires auditors to plan their work (systematic process) and to

obtain and evaluate evidence through assessing the risk of material misstatement and

gathering sufficient evidence

o Reporting principleprovides guidance for communicating results of the audit about

whether financial statements prepared using established criteria

Fundamental Principle: Responsibilities

Fundamental principle of responsibilities relates to personal integrity and professional

qualification of auditors; it includes:

o Having appropriate competence and capabilities to perform audit

o Complying with relevant ethical requirements : independence and due care

o Maintaining prof. skepticism and using professional judgment throughout the audit

Most points relating to responsibilities principle are addressed before firm accepts a client

o However, Prof. skepticism and prof. judgment must be exercised throughout entire audit

engagement


4/9

4

Stages of an Audit (see page 42 for chart)

1. Obtain (or retain) engagement

Responsibilities in this stage:

o Competence and capabilities

o Relevant ethical requirements (independence and due care)

2. Engagement Planning

3. Risk Assessment

4. Audit Evidence

5. Reporting

Competence and Capabilities

The competence and capabilities component of responsibilities principle has two elements:

education and expertise/experience

o Education: auditors are experts in accounting standards, financial reporting and auditing

In addition to university-level education, auditors are also required to participate in

continuing professional educationthroughout their careers to keep pace with

changes in accounting profession*Continuing professional education is a requirement for maintaining CPA

o Experience: gained through hands-on practice and on-the-job training

Includes the ability to develop and apply professional judgment during audits

Judgments relate to gathering evidence on fairness of financial statements,

evaluating evidence against GAAP, etc.

Independence and Due Care

Responsibilities principle requires auditors to comply with appropriate ethical requirements

o Two specific ethical requirements we must know: independenceand due care

Auditors must maintain independence in mental attitude: they are expected to be unbiased and

impartial with respect to information they audit

o This state of mind and impartiality with respect to a client is also called independence in

fact

Auditors must also appear unbiased; independence in appearanceis the extent to which others

(particularly financial statement users) perceive auditors to be independent

o Example: if an auditor owns shares of a clients stock, third-party users would not perceive

the auditor to be independent (even though the mental attitude of the auditor is impartial)

The concept of independence has evolved over time SEC has issued rules that prohibit audits

from providing financial systems implementation and audit services to their clients; and all non-

audit work must be approved by audit committee before taken up

o SOX has imposed more restrictions (see page 43 for details on restrictions)

Two major threats to independence exist:

o 1. Financial relationships, such as owning shares of stock in a client or having a loan

outstanding to/from a client

o 2. Managerial relationships, such as the ability to act in a decision-making capacity on

behalf of a client or to provide advice on information that will be audited

Responsibilities for these stages include:

Professional skepticism and professional judgment Due care


5/9

5

Independence must be guardedgeneral public will grant professional status to an auditor only

as long as they are perceived to be independent

Second ethical requirement: due care

o Due carereflects a level of performance that would be exercises by reasonable auditors in

a similar circumstance; auditors are expected to possess the skills and knowledge of others

in their profession and are not expected to be infallible

This aspect relates to the competence and capabilities of the auditor to perform the

engagement and issue appropriate reports

One specific element of due care is performing the audit with appropriate level of

professional skepticism

Professional Skepticism and Professional Judgment

Both professional skepticism and professional judgment are required throughout the entire audit

process

Professional skepticismis a state of mind characterized by appropriate questioning and a

critical assessment of audit evidence; Auditors consider:

o Contradictory evidence obtained through different procedures

o

Reliability of documentary evidenceo Reliability of information obtained from management and those in charged of the entity

(audit committee)

Professional judgmentis the application of relevant training, knowledge, and experience in

making informed decisions about appropriate courses of action during the audit engagement

o These judgments relate to the evidence obtained during the audit and the conclusions

reached

Professional judgment is exercised through gathering, evaluating and drawing

conclusions on the evidence

o Auditors are required to carefully document their professional judgment in a way such that

experienced auditors with no previous relationship to the audit can understand the

judgments and conclusions made

Fundamental Principle: Performance

Fundamental principle ofperformance sets for the quality for conducting an audit

o Performance is also highly influenced by the need for prof. skepticism and prof. judgment

The performance principle states:

o To express an opinion, the auditor obtains reasonable assurance about whether the

financial statements are free from material misstatements, whether due to fraud/error. To

obtain reasonable assurance (high, but not absolute assurance), the audit must:

Plan the work and supervise assistants

Determine appropriate materiality level throughout the audit

Assess risk of material misstatement, whether due to fraud or error, based on

understanding the entity/its environment, and its internal control

Obtain sufficient audit evidence about whether material misstatements exist,

through implementing appropriate responses to assessed risks


6/9

6

Basically, performance principle contains five elements: (1) reasonable assurance, (2) planning

and supervision, (3) materiality, (4) risk assessment, and (5) audit evidence

Reasonable Assurance

Reasonable assurance recognized that a GAAS audit may not detect all material misstatements and

that auditors are not insurers or guarantors regarding the fairness of the entitys financial

statements

o Auditors are expected to provide a high level of assurance about their work (not absolute

assurance)

o Reasonable assurance is provided by assessing various risks relating to the likelihood of

material misstatement in financial statements and performing audit procedures to control

the risk to a low level

Why cant GAAS audits achieve absolute assurance? Some limitations:

o Auditors are not infallible

o The nature of financial reporting is such that certain aspects of this process are subject to

management judgment and estimates (useful lives for depreciation, etc.)

o Audit procedures cant always detect misstatements

o

Due to time constrains, auditors only evaluate a sample of transactions/components*Despite these limitations, the concept of reasonable assurance does require auditors to

reduce the risk of failing to detect a material misstatement to a low level

Planning and Supervision

After obtaining/retaining an engagement, the next step is planning; it includes:

o (1) Preparing an audit and supervising and audit work

o (2) Obtaining knowledge of clients business

o (3) Dealing with differences of opinion among the accounting firms personnel

GAAS requires a written audit plana list of the audit procedures auditors need to perform to

gather sufficient appropriate evidence on which to base their opinion on the financial statements

Auditors must obtain an understanding of the clients business and industry

o This helps auditors identify areas for special attention (accounts or transactions where

fraud may exist), evaluate the reasonableness of accounting estimates, and make

judgments about managements choices among accounting principles

Timing is extremely important for audit planningin order to have enough time to plan an audit,

auditors need to be engaged before the fiscal year end (known as the date of the financial

statements)

o More advance notice allows more time for planning

o The audit team may also be able to perform part of the audit at an interim datea date that

is weeks or months before year-end, and thereby make the rest of the audit work more

efficient

January 1 November 10 December 31

Evaluate activity from Jan 1-Nov 10

Planning and Interim Work Evaluate activity from Nov 10 Dec 31Normal Year-End Work


7/9

7

Materiality

Materiality, as it relates to financial reporting, is the dollar amount that would influence the

lending or investing decisions of financial statement users

Materiality is recognized as part of the objective of an audit, which is to obtain reasonable

assurance about whether the financial statements as a whole are free of material misstatement

o Auditors are not responsible for detecting misstatements that are not material

The audit team considers materiality in planning the audit, performing the audit, and evaluating

the effect of misstatements on financial statements

However, auditors must consider qualitative materiality - a small misstatement with large

consequences

Risk Assessment

The risk assessment processrequires an understanding of the client, its operating environment,

and its industry, including its internal controls

Internal controlis defined as the policies and procedures implemented by an entity to

prevent/detect material accounting fraud/error and provide for their correction in a timely basis

Auditors assess the risk of material misstatement, the combined probability that a material

misstatement (error or fraud) will occur [inherent risk] and the probability that a material

misstatement (error or fraud) will not be prevented or detected on a timely basis [control risk]

by the entitys internal controlso Basically, risk of material misstatement is the likelihood that an error/fraud will exist in

the F/S prior to the auditors work

The primary purpose of assessing the risk of material misstatement is to help auditors determine

the nature, timing, and extent of audit proceduresnecessary to gather evidence about the fairness

of the financial statements

Process of risk assessment includes two relationships:

o 1. Effective internal control Lower level of control risk Allows auditors to evaluate

less evidence and use less effective substantive procedures

o 2. Ineffective internal control Higher level of control risk Requires that auditors

evaluate more evidence and use more effective procedures

Auditors responsibility to report on the effectiveness of an entitys internal controls for publicentities exceeds that for the audit of a nonpublic entity

Audit Evidence

Final element of performance principle is collecting and evaluating evidence to provide the

opinion

o Evidencethe information used by auditors in arriving at the conclusions on which the

audit opinion is based and includes the underlying accounting data and all available

corroborating data

Substantive proceduresare the methods used by auditors to evaluate evidence following the risk

assessment

The performance principle requires auditors to gain persuasive evidence; persuasiveness is an

overall ability of evidence to support the auditors opinion Persuasive evidence relies on both sufficiencyand appropriateness

Appropriateness relates to evidence quality, sufficiency relates to evidence quantity

o Appropriateevidence must be relevant and reliable

Relevancerefers to the nature of information provided by the audit evidence

relates to the quality of evidence; operationalized through management assertions

Reliabilityrefers to the extent of trust auditors place in evidence Evidence that is

reliable is high quality


8/9

8

Reliable evidence also depends on sources: in evaluating potential sources of

evidence, auditors consider the hierarchy of audit evidence quality

1. Direct, personal knowledgeof auditor obtained throughphysical

observationand mathematical computationdone by auditor; this is

considered the most reliable evidence

2.External documentary evidence: documentary evidence obtained

directly from external sources; generally considered reliable, but knowledge

and objectivity of sources must be considered

3. External-Internal evidence: documentary evidence that originated

outside the clients information system but has been processed by the client;considered reliable when internal controls are strong but less reliable than

external evidence

4. Internal evidence: documents produced and stored within the clients

information system; considered low in reliability, but used extensively when

produced under satisfactory internal control conditions

5. Verbal evidence: responses provided by clients officers, directors,owners, etc.; considered the least reliable form of evidence; GAAS requires

auditors obtain written representationwritten assertions provided by

management to auditors on matters such as the fairness of the f/s,availability of financial records and other data, and other specific financial

information

Sufficiency measures the quantity of audit evidence (the number of transactions or components

evaluated)

o Sufficiency is left to auditors professional judgment

o There is no official standard to how much evidence is needed, but sufficient evidencecan be

defined as enough evidence to stand the scrutiny of other auditors (supervisors/reviewers)

and outsiders (critics, judges, etc.)

Sufficiency and appropriateness of evidence is reflected in detection riskthe risk that the audit

teams substantive procedures will fail to detect a material misstatement

o

To lower detection risk, auditors must require higher quality evidence, gather morerelevant and reliable evidence (appropriateness), and evaluate a larger number of

transactions/components (sufficiency)

Thus detection risk is affected by both sufficiency and appropriateness

Fundamental Principle: Reporting

The final stage of an audit

Fundamental reporting principle states: Based on evaluation of evidence obtained, the auditor

expresses in the form of a written report, an opinion in accordance with the auditors findings, or

states that an opinion cant be expressed. The opinion states whether the financial statements are

presented fairly, in all material respects, in accordance with applicable financial reporting

framework The reporting principle requires the auditor to express an opinion on the entitys financial

statements (or indicate that an opinion can not be expressed)

In expressing the opinion, the auditor is required to assess the financial statements against an

applicable set of criteria (GAAP, IFRS, etc.) used to determine the measurement, recognition,

presentation, and disclosure of material items in the financial statements

Types of Audit Opinions:

o Unqualified:a clean opinion that makes no mention of auditing or accounting

deficiencies; F/S are fully in accordance to GAAP


9/9

9

o

Documents

Audit_Chapter 2.docx